公开(公告)号：US11770700B2

公开(公告)日：2023-09-26

申请号：US17851609

申请日：2022-06-28

Applicant: NXP B.V.

Inventor： Marcel Medwed ,  Stefan Lemsitzer

IPC: H04W12/02 ,  H04W12/0433 ,  H04W12/069 ,  H04L9/32 ,  H04L9/40

CPC classification number: H04W12/02 ,  H04L9/3236 ,  H04L63/0869 ,  H04W12/0433 ,  H04W12/069

Abstract: Various embodiments relate to a method and system for resuming a secure communication session with a server by a device, including: sending a message to the server requesting the resumption of a secure communication session; receiving from the server a server identifier, a server nonce, and a salt; determining that the device has a shared key with the server based upon the server identifier; determining that the received salt is valid; calculating a salted identifier based upon the shared key and the salt; sending the salted identifier to the server; and resuming the secure communication session with the server.

公开(公告)号：US11295025B2

公开(公告)日：2022-04-05

申请号：US16427977

申请日：2019-05-31

Applicant: NXP B.V.

Inventor： Marcel Medwed ,  Jan Hoogerbrugge ,  Ventzislav Nikov ,  Asier Goikoetxea Yanci

IPC: G06F21/60 ,  G06F17/18 ,  G06F21/62

Abstract: A chip for securing storage of information includes a manager to access a pointer and a cipher engine to decrypt stored data. The pointer includes a first area and a second area. The first area includes an address indicating a storage location of the data and the second area includes a safety tag. The cipher engine decrypts the data output from the storage location based on a key and the safety tag in the second area of the pointer. These and other operations may be performed based on metadata that indicate probabilities that a correct safety tag was used to decrypt the data. In another embodiment, the manager may be replaced with an L1 cache.

公开(公告)号：US20210306852A1

公开(公告)日：2021-09-30

申请号：US16829401

申请日：2020-03-25

Applicant: NXP B.V

Inventor： Marcel Medwed ,  Pim Vullers ,  Joost Roland Renes ,  Stefan Lemsitzer

IPC: H04W12/06 ,  H04L9/32 ,  H04W12/00

Abstract: A method is provided for authenticating one device to another device. In the method, a first device proves to a second device that a first credential comprising multiple first attributes is valid. The second device proves to the first device that a second credential comprising multiple second attributes is valid. The first device reveals a first attribute of the multiple first attributes to the second device. The second device verifies the first attribute and decides whether to continue revealing attributes. If continuing, the second device reveals to the first device a first attribute of the multiple second attributes. The first device verifies the first attribute of the multiple second attributes. The first device decides whether to continue revealing attributes. Attributes can be revealed until one of the first or second devices end the method or until no attributes of the multiple first and second attributes remain to be revealed.

公开(公告)号：US10824560B2

公开(公告)日：2020-11-03

申请号：US16278246

申请日：2019-02-18

Applicant: NXP B.V.

Inventor： Jan Hoogerbrugge ,  Marcel Medwed ,  Ventzislav Nikov ,  Asier Goikoetxea Yanci

IPC: G06F12/0802 ,  G06F12/0804 ,  G06F21/78 ,  G06F21/79

Abstract: A data processing system and method for protecting a memory from unauthorized accesses are provided. The data processing system includes a system bus, a memory coupled to the system bus through a memory controller, and a processing core including a cache system. The memory controller is coupled to the system bus for controlling accesses to the memory that are requested by the processing core. A memory protection circuit uses one or more memory safety violation (MSV) indicators stored in out-of-bounds areas of the memory for detecting when the processing core attempts to access an out-of-bounds area of the memory. The processing core generates an error signal, such as an interrupt, when an attempt to access the out-of-bounds area is detected. The out-of-bounds area may be an unallocated area of the memory. The MSV indicator may be written to the memory by executing a flush instruction of the cache system, and may include the same number of bits as a cache line of the cache system. A data value of the MSV indicator may be a secret data value.

公开(公告)号：US20160072779A1

公开(公告)日：2016-03-10

申请号：US14850886

申请日：2015-09-10

Applicant: NXP B.V.

Inventor： Marcel Medwed ,  Martin Feldhofer ,  Ventzislav Nikov

IPC: H04L29/06

CPC classification number: H04L63/068 ,  H04L9/003 ,  H04L9/0618 ,  H04L63/062 ,  H04L2209/805

Abstract: Methods of securing a cryptographic device against implementation attacks, are described. A disclosed method comprises the steps of obtaining a key (230) from memory of the cryptographic device; providing the key and a constant input (210) to an encryption module (240); deriving an output (250) of encrypted data bits using the encryption module (240); providing the output (250), the key (230) and an input vector (270) to a key update module (260); and using said key update module (260) to modify the key based on at least a part (270a) of the input vector (270) to derive an updated key (230a). This prevents the value of the key from being derived using the updated key or by using side-channel attacks because the input is constant for all keys. Additionally, by altering the input vector, the updated key is also altered.

Abstract translation: 描述了保护加密设备免遭实施攻击的方法。 所公开的方法包括从密码装置的存储器获取密钥（230）的步骤; 向加密模块（240）提供密钥和恒定输入（210）; 使用加密模块（240）导出加密数据比特的输出（250）; 向密钥更新模块（260）提供输出（250），密钥（230）和输入向量（270）; 以及使用所述密钥更新模块（260）基于所述输入向量（270）的至少一部分（270a）来修改所述密钥以导出更新的密钥（230a）。 这样可以防止使用更新的密钥或通过使用侧信道攻击来导出密钥的值，因为所有密钥的输入是不变的。 另外，通过改变输入向量，更新的密钥也被改变。